
Am I infected?


6 replies to this topic

#1 Quickzz x Skippy

  • Members
  • 4 posts

Posted 14 October 2012 - 12:54 PM

Hello,
I seem to have a virus that opens programs that take a lot of RAM.
In my Task Manager it looks like this:
65492.exe avufghie

OS:
WINDOWS 7 32-BIT


Help would be appreciated


#2 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 14 October 2012 - 01:13 PM

Download

TDSSkiller

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking.

Download

ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.

#3 Quickzz x Skippy
  • Topic Starter
  • Members
  • 4 posts

Posted 14 October 2012 - 02:36 PM

TDSSKILLER:
NO THREATS


ASWMBR:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-14 21:35:41
-----------------------------
21:35:41.331 OS Version: Windows 6.1.7601 Service Pack 1
21:35:41.331 Number of processors: 4 586 0x170A
21:35:41.331 ComputerName: GEBRUIKER-PC UserName: Gebruiker
21:35:44.091 Initialize success
21:35:47.122 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-5
21:35:47.122 Disk 0 Vendor: Hitachi_HDS721010CLA332 JP4OA39C Size: 953869MB BusType: 3
21:35:47.122 Disk 0 MBR read successfully
21:35:47.122 Disk 0 MBR scan
21:35:47.132 Disk 0 Windows 7 default MBR code
21:35:47.132 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:35:47.142 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 455900 MB offset 206848
21:35:47.162 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 497867 MB offset 933890048
21:35:47.172 Disk 0 scanning sectors +1953521664
21:35:47.232 Disk 0 scanning C:\Windows\system32\drivers
21:35:50.032 Service scanning
21:35:53.812 Service MpKsl72031688 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E97FD37A-3846-4F1B-BDB4-4B2EBB214C47}\MpKsl72031688.sys **LOCKED** 32
21:35:59.252 Modules scanning
21:36:04.382 Disk 0 trace - called modules:
21:36:04.722 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
21:36:04.722 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xc33e34f0]
21:36:04.732 3 CLASSPNP.SYS[c8f8959e] -> nt!IofCallDriver -> [0xc2ea7918]
21:36:04.732 5 ACPI.sys[c8aa53d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T1L0-5[0xc2eb8030]
21:36:04.742 Scan finished successfully
21:36:24.592 Disk 0 MBR has been saved successfully to "C:\Users\Gebruiker\Desktop\MBR.dat"
21:36:24.602 The log file has been saved successfully to "C:\Users\Gebruiker\Desktop\aswMBR.txt"



ESET ONLINE SCANNER:
C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21QSYUOI\blackwolf[1].exe a variant of MSIL/Kryptik.FK trojan cleaned by deleting - quarantined
C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7T6BMAV2\blackkaid[1].exe a variant of MSIL/Kryptik.FK trojan cleaned by deleting - quarantined
C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\REKMV1XQ\steal[1].exe a variant of MSIL/Kryptik.FK trojan cleaned by deleting - quarantined
C:\Users\Gebruiker\AppData\Local\Temp\2421.exe a variant of MSIL/Kryptik.FK trojan cleaned by deleting - quarantined
C:\Users\Gebruiker\AppData\Local\Temp\30521.exe a variant of MSIL/Kryptik.FK trojan cleaned by deleting - quarantined
C:\Users\Gebruiker\AppData\Local\Temp\36148.exe a variant of MSIL/Kryptik.FK trojan cleaned by deleting - quarantined
C:\Users\Gebruiker\AppData\Local\Temp\3637.exe a variant of MSIL/Kryptik.FK trojan cleaned by deleting - quarantined
C:\Users\Gebruiker\AppData\Local\Temp\3867.exe a variant of MSIL/Kryptik.FK trojan cleaned by deleting - quarantined
C:\Users\Gebruiker\AppData\Local\Temp\46554.exe a variant of MSIL/Kryptik.FK trojan cleaned by deleting - quarantined
C:\Users\Gebruiker\AppData\Local\Temp\48892.exe a variant of MSIL/Kryptik.FK trojan cleaned by deleting - quarantined
C:\Users\Gebruiker\AppData\Local\Temp\54468.exe a variant of MSIL/Kryptik.FK trojan cleaned by deleting - quarantined
C:\Users\Gebruiker\AppData\Local\Temp\55039.exe a variant of MSIL/Kryptik.FK trojan cleaned by deleting - quarantined
C:\Users\Gebruiker\AppData\Local\Temp\59871.exe a variant of MSIL/Kryptik.FK trojan cleaned by deleting - quarantined
C:\Users\Gebruiker\AppData\Local\Temp\65492.exe a variant of MSIL/Kryptik.FK trojan cleaned by deleting - quarantined
C:\Users\Gebruiker\AppData\Local\Temp\80646.exe a variant of MSIL/Kryptik.FK trojan cleaned by deleting - quarantined
C:\Users\Gebruiker\AppData\Local\Temp\95495.exe a variant of MSIL/Kryptik.FK trojan cleaned by deleting - quarantined
C:\Users\Gebruiker\AppData\Roaming\Adobe\reader.exe a variant of MSIL/Kryptik.FK trojan cleaned by deleting - quarantined
C:\Users\Gebruiker\AppData\Roaming\Microsoft\messenger.exe a variant of MSIL/Kryptik.FK trojan cleaned by deleting - quarantined
C:\Users\Gebruiker\AppData\Roaming\vlc\vlc.exe a variant of MSIL/Kryptik.FK trojan cleaned by deleting - quarantined
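
As an added example that is not part of this thread (not the poster's and not ESET's code): a small Python triage helper that parses result lines in the layout of the ESET Online Scanner output above, splits each into path, detection name and action, and groups the hits by where they sat on disk. The location is the useful signal in a log like this one: a file in the Content.IE5 cache is a download, a numbered .exe in Temp is a dropped payload, and a copy under AppData\Roaming with a name borrowed from legitimate software (reader.exe, messenger.exe, vlc.exe) is the kind of entry a cleanup has to follow up with an autorun check, since quarantining the file does not remove whatever started it. The action phrases other than "cleaned by deleting - quarantined", the location rules and the sample lines are assumptions constructed for the example.

```python
"""Triage helper for ESET Online Scanner result lines.

Added example: the parser and location rules are assumptions modelled on the
lines quoted in the thread, not code from ESET or from the poster.
"""
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Constructed sample in the same layout as the ESET output above (assembled
# here for the example, not read from a real log file).
SAMPLE_LOG = """\
C:\\Users\\Gebruiker\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\21QSYUOI\\blackwolf[1].exe a variant of MSIL/Kryptik.FK trojan cleaned by deleting - quarantined
C:\\Users\\Gebruiker\\AppData\\Local\\Temp\\65492.exe a variant of MSIL/Kryptik.FK trojan cleaned by deleting - quarantined
C:\\Users\\Gebruiker\\AppData\\Roaming\\Adobe\\reader.exe a variant of MSIL/Kryptik.FK trojan cleaned by deleting - quarantined
C:\\Users\\Gebruiker\\AppData\\Roaming\\vlc\\vlc.exe a variant of MSIL/Kryptik.FK trojan cleaned by deleting - quarantined
"""

# Trailing action phrases. Only the first is attested in the thread; the rest are
# assumed so that lines ESET could not quarantine are still parsed and flagged.
ACTIONS = (
    "cleaned by deleting - quarantined",
    "cleaned by deleting",
    "quarantined",
    "deleted",
    "unable to clean",
)

# path (drive letter up to the first "<name>.<ext>" followed by whitespace),
# then the detection name, then one of the known action phrases.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?\.[A-Za-z0-9]{1,4})\s+"
    r"(?P<threat>.+?)\s+"
    r"(?P<action>" + "|".join(re.escape(a) for a in ACTIONS) + r")$"
)

# Coarse location classes, checked in order (assumed rules for this example).
LOCATION_RULES = (
    ("browser_cache", ("\\content.ie5\\", "\\temporary internet files\\")),
    ("temp", ("\\appdata\\local\\temp\\",)),
    ("roaming", ("\\appdata\\roaming\\",)),
)


def classify_location(path):
    """Map a path to a location class: where a file lived says what role it played."""
    lowered = path.lower()
    for label, needles in LOCATION_RULES:
        if any(n in lowered for n in needles):
            return label
    return "other"


def parse_eset_line(line):
    """Split one result line into path, filename, threat, action and location; None if no match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    hit = m.groupdict()
    hit["filename"] = PureWindowsPath(hit["path"]).name
    hit["location"] = classify_location(hit["path"])
    return hit


def triage(log_text):
    """Summarise a block of result lines: hits by location, family counts, leftovers."""
    lines = [l for l in log_text.splitlines() if l.strip()]
    parsed = [(l, parse_eset_line(l)) for l in lines]
    detections = [hit for _, hit in parsed if hit]
    by_location = defaultdict(list)
    for hit in detections:
        by_location[hit["location"]].append(hit["path"])
    return {
        "detections": detections,
        "by_location": dict(by_location),
        "families": dict(Counter(hit["threat"] for hit in detections)),
        # anything not quarantined is still on disk and needs manual follow-up
        "not_quarantined": [hit["path"] for hit in detections if "quarantined" not in hit["action"]],
        "unparsed": [l for l, hit in parsed if hit is None],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for location, paths in report["by_location"].items():
        print(f"{location}: {len(paths)} file(s)")
        for p in paths:
            print(f"    {p}")
    print("families:", report["families"])
    print("needs follow-up:", report["not_quarantined"] or "none")
```

Paste the full ESET export in place of SAMPLE_LOG and run the script; the "roaming" group is the list to take to an autoruns review, and "unparsed" shows any lines whose action wording the regex did not know, so nothing is silently dropped.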

#4 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 14 October 2012 - 02:43 PM

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right click on the list, select all and remove them.

Post the generated log here.

Download

MiniToolBox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar Service Scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

AdwCleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware Removal Tool

For Vista and Windows 7, right click on the tool and select Run as administrator.

After the scan is completed, post the generated log here.

#5 Quickzz x Skippy
  • Topic Starter
  • Members
  • 4 posts

Posted 15 October 2012 - 08:21 AM

MALWAREBYTES:
Malwarebytes Anti-Malware (-evaluatieversie-) 1.65.0.1400
www.malwarebytes.org

Databaseversie: v2012.10.15.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Gebruiker :: GEBRUIKER-PC [administrator]

Realtime bescherming: Ingeschakeld

15-10-2012 12:11:34
mbam-log-2012-10-15 (12-44-07).txt

Scantype: Volledige scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 270536
Verstreken tijd: 32 minuut/minuten, 11 seconde(n)

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 1
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Geen actie ondernomen.

Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 4
C:\Users\Gebruiker\AppData\Local\Temp\Rar$EXa0.951\Sony Vegas Pro 11 Cracking Tools\Sony Product Keygen.exe (RiskWare.Tool.CK) -> Geen actie ondernomen.
C:\Users\Gebruiker\AppData\Local\Temp\Rar$EXa0.951\Sony Vegas Pro 11 Cracking Tools\Sony Vegas Pro 11 Crack.exe (RiskWare.Tool.HCK) -> Geen actie ondernomen.
C:\Users\Gebruiker\Desktop\sony vegas crack+keygen files\Sony Product Keygen.exe (RiskWare.Tool.CK) -> Geen actie ondernomen.
C:\Users\Gebruiker\Desktop\sony vegas crack+keygen files\Sony Vegas Pro 11 Crack.exe (RiskWare.Tool.HCK) -> Geen actie ondernomen.

(einde)

MiniToolBox:
===========================================================================
Actieve routes:
Indien metrische netwerkbestemming Gateway
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:5ef5:79fd:41f:3590:ad62:91f0/128 On-link
14 276 2620:9b::/96 On-link
14 276 2620:9b::5a5:d1ff/128 On-link
11 276 fe80::/64 On-link
14 276 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::41f:3590:ad62:91f0/128 On-link
14 276 fe80::4dbc:165:f2c:3f9b/128 On-link
11 276 fe80::8068:c2e0:12a6:270b/128 On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
11 276 ff00::/8 On-link
14 276 ff00::/8 On-link
===========================================================================
Permanente routes:
Indien metrische netwerkbestemming Gateway
0 4294967295 2620:9b::/96 On-link
===========================================================================
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/15/2012 02:51:02 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/15/2012 00:10:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/14/2012 08:04:55 PM) (Source: Application Hang) (User: )
Description: Het programma vegas110.exe, versie 11.0.0.700 reageert niet meer op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum in het Configuratiescherm.

Proces-id: 1b1c

Starttijd: 01cdaa35f3088fc9

Eindtijd: 0

Toepassingspad: C:\Program Files\Sony\Vegas Pro 11.0\vegas110.exe

Rapport-id:

Error: (10/14/2012 01:21:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/13/2012 09:47:24 PM) (Source: Application Hang) (User: )
Description: Het programma League of Legends.exe, versie 1.0.0.148 reageert niet meer op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum in het Configuratiescherm.

Proces-id: 1b14

Starttijd: 01cda97a11996940

Eindtijd: 0

Toepassingspad: C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.192\deploy\League of Legends.exe

Rapport-id:

Error: (10/13/2012 06:54:50 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/13/2012 06:51:52 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/13/2012 04:29:30 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/12/2012 06:26:20 PM) (Source: VSS) (User: )
Description: Fout in de Volume Shadow Copy-service: onverwachte fout bij het uitvoeren van een query voor de IVssWriterCallback-interface. hr = 0x80070005, Toegang geweigerd.
.
Dit wordt vaak veroorzaakt door onjuiste beveiligingsinstellingen in het writer- of requestorproces.


Bewerking:
Schrijvergegevens verzamelen

Context:
Klasse-id van schrijver: {e8132975-6f93-4464-a53e-1050253ae220}
Naam van schrijver: System Writer
Instantie-id van schrijver: {5ca786bb-af53-4dc0-9b2b-079385edb54a}

Error: (10/12/2012 04:24:50 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (10/14/2012 09:45:42 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installatiefout: de volgende update kan niet worden geïnstalleerd, foutcode 0x800b0100: KB2731771: Update voor Windows 7.

Error: (10/14/2012 01:37:11 PM) (Source: BROWSER) (User: )
Description: De Browser-service heeft te vaak de reservelijst op transport \Device\NetBT_Tcpip_{27F50BF9-E571-4014-B3E1-AB89DBBA234A} niet kunnen ophalen.
De reservebrowser is gestopt.

Error: (10/14/2012 01:20:21 PM) (Source: bowser) (User: )
Description: De masterbrowser heeft een servermelding ontvangen van computer ANN-PC
die meent de masterbrowser voor het domein te zijn op transport NetBT_Tcpip_{27F50BF9-E571-4014-B3E1-AB89DBBA234.
De masterbrowser wordt gestopt of er wordt een verkiezing afgedwongen.

Error: (10/13/2012 10:30:36 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installatiefout: de volgende update kan niet worden geïnstalleerd, foutcode 0x800b0100: KB2731771: Update voor Windows 7.

Error: (10/13/2012 08:40:52 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installatiefout: de volgende update kan niet worden geïnstalleerd, foutcode 0x800b0100: KB2731771: Update voor Windows 7.

Error: (10/13/2012 07:39:29 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installatiefout: de volgende update kan niet worden geïnstalleerd, foutcode 0x800b0100: KB2731771: Update voor Windows 7.

Error: (10/13/2012 06:58:42 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installatiefout: de volgende update kan niet worden geïnstalleerd, foutcode 0x800b0100: KB2731771: Update voor Windows 7.

Error: (10/13/2012 06:57:38 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installatiefout: de volgende update kan niet worden geïnstalleerd, foutcode 0x800b0100: KB2731771: Update voor Windows 7.

Error: (10/13/2012 06:57:10 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installatiefout: de volgende update kan niet worden geïnstalleerd, foutcode 0x800b0100: KB2731771: Update voor Windows 7.

Error: (10/13/2012 06:52:23 PM) (Source: Service Control Manager) (User: )
Description: De Windows Update-service is gestopt met de volgende foutcode:
%%-2147467243.


Microsoft Office Sessions:
=========================
Error: (10/15/2012 02:51:02 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/15/2012 00:10:27 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/14/2012 08:04:55 PM) (Source: Application Hang)(User: )
Description: vegas110.exe11.0.0.7001b1c01cdaa35f3088fc90C:\Program Files\Sony\Vegas Pro 11.0\vegas110.exe

Error: (10/14/2012 01:21:27 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/13/2012 09:47:24 PM) (Source: Application Hang)(User: )
Description: League of Legends.exe1.0.0.1481b1401cda97a119969400C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.192\deploy\League of Legends.exe

Error: (10/13/2012 06:54:50 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/13/2012 06:51:52 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/13/2012 04:29:30 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/12/2012 06:26:20 PM) (Source: VSS)(User: )
Description: 0x80070005, Toegang geweigerd.


Bewerking:
Schrijvergegevens verzamelen

Context:
Klasse-id van schrijver: {e8132975-6f93-4464-a53e-1050253ae220}
Naam van schrijver: System Writer
Instantie-id van schrijver: {5ca786bb-af53-4dc0-9b2b-079385edb54a}

Error: (10/12/2012 04:24:50 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


=========================== Installed Programs ============================

3DMark05 (Version: 1.3.2)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.278)
Adobe Flash Player 11 Plugin (Version: 11.4.402.278)
Adobe Reader X (10.1.4) - Nederlands (Version: 10.1.4)
Adobe Shockwave Player 11.6 (Version: 11.6.7.637)
AIDA64 Extreme Edition v2.20 (Version: 2.20)
APB Reloaded
Bejeweled 2 Deluxe
BurnInTest v7.0 Standard (Version: 7.0)
CCleaner (Version: 3.23)
ESET Online Scanner v3
Fraps (remove only)
Futuremark SystemInfo (Version: 4.6.0)
Google Chrome (Version: 22.0.1229.94)
Google Update Helper (Version: 1.3.21.123)
GrabIt 1.7.2 Beta 6 (build 1008)
Grand Theft Auto IV (Version: 1.0.0013.131)
Grand Theft Auto IV (Version: 1.00.0000)
Guild Wars 2
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
League of Legends (Version: 1.3)
LogMeIn Hamachi (Version: 2.1.0.215)
Malwarebytes Anti-Malware versie 1.65.0.1400 (Version: 1.65.0.1400)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile NLD Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 15.0.1 (x86 nl) (Version: 15.0.1)
Mozilla Firefox 16.0.1 (x86 nl) (Version: 16.0.1)
Mozilla Maintenance Service (Version: 16.0.1)
MSVCRT Redists (Version: 1.0)
NVIDIA Display Control Panel (Version: 6.14.12.7061)
NVIDIA PhysX (Version: 9.10.0129)
Pando Media Booster (Version: 2.6.0.8)
PunkBuster Services (Version: 0.993)
Realtek High Definition Audio Driver (Version: 6.0.1.6482)
Rockstar Games Social Club (Version: 1.00.0000)
Skype™ 5.10 (Version: 5.10.116)
Steam (Version: 1.0.0.0)
Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (Version: 4.0.30319)
TeamSpeak 3 Client (Version: 3.0.6)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Vegas Pro 11.0 (Version: 11.0.700)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
WinRAR 4.20 (32-bit) (Version: 4.20.0)

========================= Memory info: ===================================

Percentage of memory in use: 35%
Total physical RAM: 3067.61 MB
Available physical RAM: 1979.15 MB
Total Pagefile: 6133.51 MB
Available Pagefile: 4929.9 MB
Total Virtual: 3071.88 MB
Available Virtual: 2957.21 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:445.21 GB) (Free:373.82 GB) NTFS
2 Drive d: () (Fixed) (Total:486.2 GB) (Free:383.06 GB) NTFS
3 Drive e: (GW2_DVD2) (CDROM) (Total:5.73 GB) (Free:0 GB) UDF

========================= Users: ========================================

Gebruikersaccounts voor \\GEBRUIKER-PC

Administrator Gast Gebruiker
De opdracht is voltooid.


**** End of log ****

Farbar Service Scanner:
Farbar Service Scanner Version: 07-10-2012
Ran by Gebruiker (administrator) on 15-10-2012 at 14:52:36
Running from "C:\Users\Gebruiker\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-10-03 16:49] - [2012-08-22 19:16] - 1292144 ____A (Microsoft Corporation) A5EBB8F648000E88B7D9390B514976BF

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-10-10 14:10] - [2012-06-02 06:36] - 0140288 ____A (Microsoft Corporation) 96C0E38905CFD788313BE8E11DAE3F2F

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

AdwCleaner:
# AdwCleaner v2.005 - Verslag gemaakt op 15/10/2012 om 14:48:01
# Geactualiseerd op 14/10/2012 door Xplode
# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Gebruiker : Gebruiker - GEBRUIKER-PC
# Opstarten Modus : Normale modus
# Gelanceerd vanaf : C:\Users\Gebruiker\Downloads\adwcleaner.exe
# Optie [Verwijderen]


***** [Diensten] *****


***** [Files / Mappen] *****


***** [Register] *****

Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Het register bevat geen enkele ongeoorloofde invoer.

-\\ Mozilla Firefox v15.0.1 (nl)

Profielnaam : default
File : C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\4gip83q9.default\prefs.js

[OK] De file bevat geen enkele ongeoorloofde invoer.

-\\ Google Chrome v [Onmogelijk de versie te verkrijgen]

File : C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] De file bevat geen enkele ongeoorloofde invoer.

*************************

AdwCleaner[S1].txt - [1242 octets] - [15/10/2012 14:48:01]

########## EOF - C:\AdwCleaner[S1].txt - [1302 octets] ##########


Junkware Removal Tool:
Junkware Removal Tool (JRT) by Thisisu
Version: 1.6.2 (10.15.2012)
OS: Windows 7 Home Premium x86
Ran by Gebruiker on ma 15-10-2012 at 14:53:41,99
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys: 0 Detections



*** Files: 0 Detections



*** Folders: 0 Detections



*** FireFox detected and repaired



*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on ma 15-10-2012 at 14:57:46,20
End of Report
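
As an added example that is not part of this thread (not the poster's and not Farbar's code): a Python parser for the Farbar Service Scanner layout above that pulls out the three things in this log a reviewer would check before replying: a service reported as not running whose start type differs from its default (WinDefend set to Demand instead of Auto), registry values listed under a "Disabled Policy" section (DisableAntiSpyware=DWORD:1), and File Check entries for which FSS printed file details and a hash instead of "MD5 is legit" (tcpip.sys and cryptsvc.dll), which only means the hash is not on the tool's known-good list, not that the file is bad. The section layout, the regexes and the sample log text are assumptions modelled on the log above. On this machine the Defender findings also need correlating with the installed-programs list, which shows Microsoft Security Essentials: on Windows 7, MSE disables Windows Defender, so that policy value is consistent with MSE being installed rather than, on its own, evidence of tampering.

```python
"""Findings extractor for Farbar Service Scanner (FSS) logs.

Added example: section layout and regexes are assumptions modelled on the FSS
log quoted in the thread, not code from Farbar or from the poster.
"""
import re

# Constructed sample in the layout of the FSS log above (assembled here, not read
# from a real file); the Defender and File Check lines mirror that log.
SAMPLE_FSS = """\
Farbar Service Scanner Version: 07-10-2012
Boot Mode: Normal

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\\Windows\\system32\\nsisvc.dll => MD5 is legit
C:\\Windows\\system32\\Drivers\\tcpip.sys
[2012-10-03 16:49] - [2012-08-22 19:16] - 1292144 ____A (Microsoft Corporation) A5EBB8F648000E88B7D9390B514976BF
C:\\Windows\\system32\\cryptsvc.dll
[2012-10-10 14:10] - [2012-06-02 06:36] - 0140288 ____A (Microsoft Corporation) 96C0E38905CFD788313BE8E11DAE3F2F
C:\\Windows\\system32\\svchost.exe => MD5 is legit

**** End of log ****
"""

RULE_RE = re.compile(r"^=+$")                       # the row of '=' under a section name
NOT_RUNNING_RE = re.compile(r"^(?P<svc>\w+) Service is not running")
START_TYPE_RE = re.compile(r"^The start type of (?P<svc>\w+) service is set to (?P<set>\w+)\. "
                           r"The default start type is (?P<default>\w+)\.$")
PATH_CHECK_RE = re.compile(r"^The (?P<field>ImagePath|ServiceDll) of (?P<svc>\w+) service is (?P<state>.+)\.$")
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<type>\w+):(?P<value>.+)$')
FILE_LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\\S.*?)(?: => (?P<verdict>.+))?$")
MD5_RE = re.compile(r"(?P<md5>[0-9A-Fa-f]{32})\s*$")   # hash at the end of a detail line


def split_sections(text):
    """Return {section name: [lines]}; a header is a 'Name:' line followed by a row of '='."""
    lines = text.splitlines()
    sections, current = {}, None
    for i, line in enumerate(lines):
        nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
        if line.endswith(":") and RULE_RE.match(nxt):
            current = line[:-1].strip()
            sections[current] = []
        elif RULE_RE.match(line.strip()):
            continue
        elif current is not None:
            sections[current].append(line)
    return sections


def analyse(text):
    """Collect the findings a reviewer checks before replying: services, policies, unverified files."""
    findings = []
    for name, lines in split_sections(text).items():
        if name.endswith("Disabled Policy"):
            key = None
            for line in lines:
                if line.startswith("[") and line.endswith("]"):
                    key = line[1:-1]            # registry key the following values live under
                m = REG_VALUE_RE.match(line)
                if m:
                    findings.append({"kind": "policy", "section": name, "key": key,
                                     "value": m["name"], "data": f'{m["type"]}:{m["value"]}'})
        elif name == "File Check":
            pending = None                      # path whose detail line is still to come
            for line in lines:
                m = FILE_LINE_RE.match(line)
                if m:
                    if m["verdict"] is None:
                        pending = m["path"]     # no verdict printed: FSS prints details next
                    elif m["verdict"] != "MD5 is legit":
                        findings.append({"kind": "file", "path": m["path"], "md5": None, "note": m["verdict"]})
                    continue
                h = MD5_RE.search(line)
                if pending and h:
                    findings.append({"kind": "file", "path": pending, "md5": h["md5"].upper(),
                                     "note": "MD5 not on the FSS known-good list; compare with a clean copy"})
                    pending = None
        else:
            for line in lines:
                m = NOT_RUNNING_RE.match(line)
                if m:
                    findings.append({"kind": "service", "section": name, "service": m["svc"], "note": "not running"})
                m = START_TYPE_RE.match(line)
                if m and m["set"] != m["default"]:
                    findings.append({"kind": "service", "section": name, "service": m["svc"],
                                     "note": f'start type {m["set"]} (default {m["default"]})'})
                m = PATH_CHECK_RE.match(line)
                if m and m["state"] != "OK":
                    findings.append({"kind": "service", "section": name, "service": m["svc"],
                                     "note": f'{m["field"]} {m["state"]}'})
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_FSS):
        print(finding)
```

Feed it the whole FSS.txt instead of SAMPLE_FSS; sections the parser has no rule for (Connection Status, Action Center) fall through the generic branch and produce nothing unless they contain a service or start-type line, so the output stays short enough to read next to the reply.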

#6 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 15 October 2012 - 09:14 AM

Remove the infections detected by Malwarebytes, run the scan again and post the clean log.

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKill log located on the desktop here.


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here.

#7 Quickzz x Skippy
  • Topic Starter
  • Members
  • 4 posts

Posted 15 October 2012 - 01:07 PM

That's too much, man.



